Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 2, 2010

Complete DHS Daily Report for April 2, 2010

Daily Report

Top Stories


 According to the Pittsburgh Post-Gazette, property owners living near the site of an Atlas Energy gas well operation that caught fire in Washington County, Pennsylvania Wednesday morning said they had been trying for days to reach state officials about noxious odors at the site before the incident. (See item 2)

2. April 1, Pittsburgh Post-Gazette – (Pennsylvania) Residents reported gas odors before explosion. Property owners living near the site of a gas well operation that caught fire in Washington County Wednesday morning said they had been trying for days to reach state officials about noxious odors at the site. The owner of the property where an Atlas Energy wastewater impoundment pond caught fire on Wednesday and a neighbor said they experienced a “horrendous gas smell” in the days leading up to the fire, but they could not reach state officials to warn them. Both men said they heard a loud explosion at about 8 a.m. Wednesday and saw an impoundment pond on fire with clouds of black smoke. One said he contacted a hotline for the state Department of Environmental Resources on Sunday, but was unable to reach agency officials because their voicemail boxes were full. A DEP spokeswoman said a preliminary investigation indicated that gas on the surface of the wastewater may have ignited the 100-by-80-foot impoundment and nearby equipment. The Washington County public safety director said the county’s hazardous materials team responded to the site and used foam to extinguish a fire at a holding tank that is used to separate water and sand near the impoundment. The impoundment’s rubber liner was allowed to burn out on its own. Atlas Energy said in a statement on Wednesday that it would work to find the cause of the fire, which resulted in minor slip-and-fall injury to a contractor. “We anticipate the resumption of normal operations in the near future,” said Atlas Energy’s senior vice president. Source:

 The Nevada Appeal reports that the Nevada Capitol was locked down late Tuesday after the FBI advised the governors of all 50 states they would be receiving letters from an extremist group demanding their resignations, according to the deputy chief of staff to the Nevada governor. The letters reportedly advise governors that, if they do not resign, members of the group will “commandeer” their offices. (See item 32)

32. April 1, Nevada Appeal – (Nevada; National) Capitol adds security after threats. State workers and visitors to the Nevada Capitol arrived Wednesday morning to find all but the front door locked and metal detectors for both packages and people set up at the entrance. The Capitol was locked down late Tuesday after the FBI advised the governors of all 50 states they would be receiving letters from an extremist group demanding their resignations, according to the deputy chief of staff to the Nevada governor. The chief of staff said the decision was to “err on the side of caution” and implement tough security measures. The Capitol houses offices of the governor, lieutenant governor, secretary of state, controller and treasurer. The letters reportedly advise governors that, if they do not resign, members of the group will “commandeer” their offices. It was received by the Capitol Police at noon Monday and immediately turned over to FBI investigators. The letters are apparently from an organization allied with Sovereign Citizens, which the Anti-Defamation League identifies as a collection of anti-government groups advocating an anarchist ideology. Its followers believe every level of government in the United States is illegitimate and should be eliminated. Source:

Banking and Finance Sector

15. April 1, WABI 5 Bangor – (Maine) Bank warns customers of scam. Machias Savings Bank has detected a phishing scam. They are warning customers to not give out their usernames, passwords, or credit card information. The attackers are sending e-mails, text messages, and placing automated phone calls. By policy, Machias Savings Bank does not ask for personal information, usernames, passwords, or account information over the phone or via e-mail. Source:

16. April 1, Lower Hudson Journal News – (National) Feds announce new unit to fight financial fraud. Federal prosecutors are set to open a new avenue of attack against financial fraud. Already tasked with criminal investigations and prosecutions of large-scale financial crimes, a U.S. attorney said his office is forming a new unit to go after alleged fraud artists through civil lawsuits. The new civil frauds unit will be a counterpart to the complex frauds unit that the U.S. attorney recently announced would be handling criminal probes of major financial frauds. Using civil suits to enforce federal fraud statutes allows investigators to use options not available in criminal cases. The standard of proof required to secure a judgment in a civil case is lower than in criminal prosecutions. In some cases, courts can award plaintiffs three times the amount of actual damages to punish violators. Source:

17. March 31, PC Advisor UK – (International) Concern over surge in banking Trojans. Trojans made up nearly two thirds (61 percent) of all new malware identified during the first quarter of 2010, says PandaLabs. According to the security firm’s Q1 2010 report, the majority of these were banking trojans. Panda Labs revealed the amount of new malware in circulation has continued to rise during the first quarter of 2010, while viruses were named the second biggest threat, making up 15.1 percent of all new malware identified. The security firm named Spain as the most infected country, with 35 percent of all its PCs infected with malware. The USA was second as 17 percent of its PCs have malware installed on them, while Mexico was in third place with five percent of its PCs infected. PandaLabs said cyber criminals had continued to exploit popular topics such as Apple’s iPad and Facebook applications during Q1 of 2010, in a bid to spread malware. Source:

18. March 31, KSPR 33 Springfield – (Kansas; Missouri) FBI: Despite surges, bank robbery numbers remain average in Ozarks. The Federal Bureau of Investigation says despite constant mugshots and surveillance video flashing across television screens, bank robberies are not on the rise. The Kansas City FBI Field Office serves the entire State of Kansas as well as the Western District of Missouri including the Ozarks. A spokeswoman says robberies are happening in spurts such as three or four in a row but there is not an overall increase. The spokeswoman says bank robbers are becoming more organized, often putting in more planning and bringing along an accomplice. Still agents say the number of crooks after customer’s bank’s money remains about the same. Since February 4, 2010, robbers targeted at least four Springfield banks. Source:

Information Technology

41. April 1, SC Magazine – (International) Claims made that personal knowledge questions are no longer viable for email. A recent blog claimed that as long as general questions are used as a ‘forgot password’ backup, most web authentication is no more secure than personal knowledge questions. A researcher from the University of Cambridge wrote that with incidents such as a Vice Presidential candidate’s webmail account being hacked and the taking of Twitter documents from a Gmail account, the questions and answers for forgotten passwords are easy to look up online, often found in public records, and easy for friends and acquaintances to guess. He said that using guessing metrics, his team could provide a few theorems that prove in a strong way that high entropy can give you no security at all against a trawling attacker in the real world. Source:

42. April 1, – (International) Conficker could still ‘wreak havoc’. Security firm Symantec has used the first anniversary of the Conficker/Downadup ‘activation’ date to warn users that the botnet could still “wreak havoc”. Security professionals across the globe were braced for trouble on 1 April 2009, after news emerged that PCs infected with the Conficker.C worm would connect to a control server on that date, as a prelude to a possible attack. In the end no such attack materialised, but 6.5 million systems are still infected with the .A and .B variants, and a few hundred thousand with the .C variant, and the botnet still represents a significant threat, according to Symantec. “With millions of infections in the wild, Downadup should not simply be laughed off,” said a Symantec Security Response spokesperson in a video posting on YouTube. Symantec advised firms to keep software, operating systems and security systems patched and up to date, and to download the W32.Downadup Removal Tool if they notice any infections. Source:

43. March 31, PC World – (International) Mozilla pushes out last update to Firefox 3.0. The March 30 update for Firefox 3.0 will be the last, according to Mozilla. The 3.0.19 patch fixes five critical security bugs, and another rated high. The critical bugs could be exploited to “run arbitrary code,” which usually translates to “install malware.” Firefox 3.0 users can head to Help | About Mozilla Firefox to check the current browser version, and click Help | Check for Updates if it’s not already at 3.0.19. And then head to to upgrade to 3.6 so as to not be left stranded with an out-of-date browser. For full details see the Firefox 3 release notes. Source:

44. March 31, – (International) Gaming apps increase spam, phishing by 50 percent. Gamers beware – the next person you add to your gaming social network could be a spammer or phisher. A new report from BitDefender found that gaming applications increase spam and phishing by more than 50 percent in social networks. While most users of social networks are somewhat selective in who they add to circle of friends – filtering out those they suspect to be spammers – gamers often willingly add suspicious friends in an effort to expand their player community. Some entertainment apps require users to amass a large number of friends and supporters in order to attain high scores, prompting players to add people they might not normally add. The most “successful” spammers are those that copy existing profiles. Source:,2817,2362134,00.asp

45. March 31, ComputerWorld – (International) Microsoft runs fuzzing botnet, finds 1,800 Office bugs. Microsoft uncovered more than 1,800 bugs in Office 2010 by tapping into the unused computing horsepower of idling PCs, a company security engineer said on March 31. Office developers found the bugs by running millions of “fuzzing” tests, said the senior security test lead with Microsoft’s Trustworthy Computing group. Fuzzing, a practice employed by both software developers and security researchers, searches for flaws by inserting data into file format parsers to see where programs fail by crashing. Because some crash bugs can be further exploited to successfully hack software, allowing an attacker to insert malicious code, fuzzing is of great interest to both legitimate and criminal researchers looking for security vulnerabilities. “We found and fixed about 1,800 bugs in Office 2010’s code,” said the test lead, who last week co-hosted a presentation on Microsoft’s fuzzing efforts at the CanSecWest security conference in Vancouver, British Columbia. “While a large number, it’s important to note that that doesn’t mean we found 1,800 security issues. We also want to fix things that are not security concerns.” Source:

46. March 31, Agence France Presse – (International) Google Street View car vandalized in Germany. Vandals in Germany have sabotaged a Google Street View car, police say, an apparent act of protest against the navigation service that is controversial in the country amid privacy concerns. A Google employee left his specially-modified black Opel with eight mounted cameras parked overnight in the northern city of Oldenburg, but returned to find the tires let down and the camera cables slashed, local police said. “The employee found a note under the windshield saying, ‘Please do not drive away, you have a puncture’,” a police spokesman said, adding the saboteurs seemed concerned no harm should come to the driver of the vehicle. Germany, where Google intends to launch the technology this year, is especially sensitive to the issue after abuses of privacy by the Nazis and the Stasi secret police of the old East German communist regime. Source:

47. March 31, Krebs on Security – (International) Spam site registrations flee China for Russia. A crackdown by the Chinese government on anonymous domain name registrations has chased spammers from Chinese registrars (.cn) to those that handle the registration of Russian (.ru) Web site names, new spam figures suggest. Yet, those spammy domains may soon migrate to yet another country, as Russia is set to enforce a policy similar to China’s beginning April 1. In mid-December 2009, the China Internet Network Information Center (CNNIC) announced that it was instituting steps to make it much harder to register a website anonymously in China, by barring individuals from registering domains ending in .cn. Under the new policy, those who want to register a new .cn domain name need to hand in written application forms, complete with a business license and an identity card. Chinese authorities called the move a crackdown on phishing and pornographic websites, but human rights and privacy groups marked it as yet another effort by Chinese leaders to maintain tight control over their corner of the Internet. Nevertheless, the policy clearly caught the attention of the world’s most profligate spammers, who spam experts say could always count on Chinese registrars as a cheap and reliable place to buy domains for Web sites that would later be advertised in junk e-mail. According to data obtained from two anti-spam experts, new registrations for sites advertised in spam began migrating from .cn to .ru just a few weeks after the Chinese domain policy took effect. In early January 2010, and indeed in the months leading up to the new year, the percentage of domains advertised in spam registered in the .cn space dwarfed the number of .ru spam-related domains, according to figures gathered by the University of Alabama at Birmingham. But by mid-January, the number of .cn spam domains began to fall off dramatically, while the number of .ru spam domains increased markedly, UAB found. Source:

Communications Sector

48. April 1, Oregon Statesman Journal – (Oregon) Station translator source of FM radio issues. The pulsating static interrupting FM radio stations in downtown Salem is gone — and no, it wasn’t just the radio. After two days, the source of the problem was identified: a translator — a device used to re-broadcast another signal — on top of the Equitable Center at High and Center streets NE. The Statesman Journal received nearly 100 e-mails and phone calls, with most reporting problems with stations in the 90 megahertz range — the stations with numbers in the 90s — and most problems being downtown. The translator belongs to Bicoastal Media, and it is used to broadcast Albany country station KRKT on the 96.3 frequency to the Salem area. The translator had “electronically drifted,” Bicoastal officials said. Although it did not appear to be damaged, it was broadcasting into other stations as well as its own, known as “spurious emission.” Eugene-based engineers were sent to fix the translator, and the media company’s vice president and director of technology said the problem was corrected by 1:10 p.m. Source:

49. March 31, Bakersfield Californian – (California) AT&T acknowledges service disruption. Local AT&T wireless customers lost service for nearly six hours on March 25 because of a software problem, a company spokeswoman said on March 31. Service in parts of Bakersfield — primarily affecting wireless data services — was disrupted at 10:03 a.m. and restored at 3:45 p.m., a spokeswoman wrote in an e-mail. “Because it’s wireless technology, it’s hard to determine how many customers may have been affected (i.e. people drive around, they may or may not have been in the range of an affected cell site, etc.), but we only received a handful of complaints in the area,” she wrote. “We apologize for any inconvenience to our customers.” Source:

For another story, see item 47 above in Information Technology